Apparatus and method for enabling network connection
The present invention relates to an apparatus and a method for authenticating network connections, and in particular to a controller adapted to authenticate network connections on connection of a token to the controller.
In the field of computer networks, configuration of the network components is required to enable network connections and to provide secure authentication of the connections.
The configuration of a computer network can however be complicated and often requires the skills of experienced people. For example, setting up a PC (personal computer) network requires knowledge of a great many technologies and acronyms: IP address, DMZ, encryption, server, sub-address, firewall, domain, USB, TCP/IP, SSL, DHCP, modem, CAT5 cabling, MAC address, filter, ISA, WEP, hub and network adaptor. To network specialists these are common technologies and terms, but to many business or home users they are confusing and troublesome.
For example, in the setup of a wireless home network, in the best case the software configuration comes with a "standard options" dialogue, but if not then the user will be required to be knowledgeable about DHCP (Dynamic Host Configuration Protocol), IP (Internet Protocol) addresses, masks and much more. If the "standard options" are enabled then they will allow PCs and the hub to detect each other and prompt the user for actions such as entering the PC name and a network domain name. Problems can arise with wireless networks where a second network is operational in proximity to a first. In these circumstances, the user of the first network has to distinguish between the detected hardware from the first and second networks.
Despite requiring the user to input information on the screen of the PC, users may be able to share resources that access the internet relatively quickly. However, the network is likely to be insecure and vulnerable to attack, especially if the default settings have been chosen as the various components were installed.
In making the network secure, the user's next problem is the setup of the firewall. Due to the nature of wireless technology it is essential that firewalls be configured correctly, or unrestricted access by unknown third parties can be granted unwittingly. Firewalls typically allow the user to set them up such that only specific PCs can gain access to the internet and indeed to each other. A secure way to configure a firewall in this way is to use the MAC (media access control) address relating to each network adaptor. This MAC address has to be obtained from the adapter's associated PC and entered into the firewall configuration for each network adaptor in use.
After setting up the firewall to restrict unauthorised connection to the network, it is important to also secure the wireless traffic that is transmitted from one network node to the other against eavesdropping. This is another problem for a novice user. It requires setting up the security aspect of the wireless network and means allocating a WEP (Wireless Encryption Protocol) or WPA (Wi-fi Protected Access) key or password. A WEP or WPA key is an encryption key and it is entered by the user on each PC which is wirelessly connected. It ensures that third parties cannot easily eavesdrop on traffic and gain private information. The WEP or WPA configuration is however normally buried deep within a network system dialogue box.
In summary, the problems are that the setup of the firewall and of WEP or WPA keys are complicated processes that require skill and understanding on the part of the user. Consequently, many users do not implement these powerful and secure features of the network even though they purchase it with the capabilities embedded within the hardware and software provided.
USB tokens are known in the prior art to be used for authentication of users in a network. Typically the token contains a cryptographic chip for securely storing a user's personal identity information, such as passwords or digital certificates.
It is an object of the present invention to provide improved authentication of network connections.
According to a first aspect of the present invention there is provided a controller for network authentication comprising: a network interface; an authentication module comprising authentication settings, wherein the authentication module is adapted to control the network interface to authenticate network connections to network nodes using the authentication settings; and a token interface adapted to connect to a token, thereby updating the authentication settings.
Preferably, the authentication module comprises a firewall.
Preferably, the authentication settings comprise network node identification information.
Preferably, the token interface is adapted to receive network node identification information from the at least one token and to update the authentication settings with the received network node identification information.
Preferably, the token interface is adapted to connect to the token via a USB (Universal Serial Bus) connection.
Preferably, the token interface is adapted to update the authentication settings on detection of disconnection of a token from the token interface.
Preferably, the token interface is adapted to update the authentication settings upon a further condition.
Preferably, the further condition is the expiration of a timer.
Alternatively, the further condition is a manual intervention.
According to a second aspect of the present invention there is provided a token for network authentication comprising: a controller interface adapted to connect to a network authentication controller, thereby updating the network authentication controller's authentication settings; and a node interface adapted to connect to a network node and extract network node identification information from the network node.
Preferably, the controller interface is adapted to connect to the network authentication controller via a USB connection.
Preferably, the controller interface is adapted to update the network authentication controller authentication settings by transferring network node identification information to the network authentication controller.
Preferably, the network node identification information comprises a media access control address.
Preferably, the network node identification information comprises an encryption key.
Preferably, the encryption key is a WEP key.
Optionally, the encryption key is a WPA key.
Preferably, the node interface is further adapted to configure the network node for connection to a network authentication controller.
Preferably, the node interface is adapted to configure the network node by transferring an encryption key to the network node.
Preferably, the node interface is adapted to configure the network node by transferring network authentication controller identification information to the network node.
Preferably, the token further comprises a storage module adapted to store the network node identification information.
Preferably, the storage module is further adapted to store the network authentication controller identification information.
Preferably, the token further comprises an encryption key generation module.
Preferably, the token further comprises a user input module adapted to initiate the operation of the token.
Preferably, the user input module is a button.
Preferably, the user input module further comprises a user authentication module.
Preferably, the token further comprises an indicator module adapted to indicate the completion of the operation of the token.
According to a third aspect of the present invention there is provided an apparatus comprising a controller and at least one token, wherein the controller authenticates network connections to network nodes by connection to the at least one token.
Preferably, the controller is a controller according to the first aspect.
Preferably, the token is a token according to the second aspect.
According to a fourth aspect of the present invention there is provided a method of authenticating network connections including the steps of: connecting a token to a network node; extracting network node identification information from the network node and storing the information in the token; connecting the token to a controller; updating the controller's authentication settings using the network node identification information from the token; and the controller authenticating network connections to network nodes using its authentication settings.
Preferably, the method further includes a step, while the token is connected to the network node, of configuring the network node for connection to a network authentication controller.
Preferably, the network node is configured with network authentication controller identification information.
Preferably, the network node is configured with an encryption key.
Preferably, the method further includes generating the encryption key and storing the encryption key in the token.
Preferably, the operation of the token is initiated by user input.
Preferably, the method further includes indicating that an operation of the token is complete.
Preferably, the method further includes disconnecting the token from the network node.
Preferably, the method further includes automatically updating the controller authentication settings on disconnection of a token from the controller, so as to disable authentication of network connections to a network node.
Preferably, the method further includes automatically updating the controller authentication settings upon a further condition.
Preferably, the further condition is the expiration of a timer.
Alternatively, the further condition is a manual intervention.
Preferably, the network node identification information comprises a MAC address.
Preferably, the network node identification information comprises an encryption key.
The present invention will be described by example only, with reference to the accompanying figures, in which:
Figure 1 illustrates in schematic form network apparatus in accordance with an embodiment of the present invention;
Figure 2 illustrates in schematic form a network authentication controller in accordance with an embodiment of the present invention;
Figure 3 illustrates in schematic form a network authentication token in accordance with an embodiment of the present invention; and
Figure 4 illustrates a flow chart of the steps of network node authentication in accordance with an embodiment of the present invention.
With reference to Figure 1, a wireless network with a broadband internet connection is shown in accordance with an embodiment of the present invention.
A PC 1 has an attached wireless network adaptor 2. This is shown as a separate device attached to the PC, but alternatively a plug-in card may be used. The network node made up of the PC and wireless network adaptor has a network connection to the controller 3. The controller is a secure wireless hub that acts as the firewall and ADSL (Asymmetric Digital Subscriber Line) modem. The ADSL modem is connected to the internet via a telecommunications switch 4. The controller has several USB sockets 5. Each USB socket can receive a token or key which permits network access for the PC previously configured by the token. The token has a USB plug 7 for plugging into the PC's USB socket 8 and subsequently into one of the controller's sockets. A series of colour coded labels are provided for attaching to the token and the PC that the token has configured. This aids in identifying which token has been associated with which PC's network connection. The controller authenticates the network connection of the PC through the controller to other PCs on the network (not shown) or other network devices (not shown) such as a streaming audio player or network storage device, as well as to the internet using the broadband connection.
With reference to Figure 2, a controller 21 is shown. The controller provides network authentication. The network interface 22 provides a wireless network connection 23, a wired internet connection 24 and a wired ADSL connection 25. An authentication module 26 has stored authentication settings 27. The settings include identification information about network nodes, in particular MAC addresses of network adaptors in the network nodes and WEP keys. In this embodiment, the WEP encryption standard is used, although other embodiments may use other standards or methods, such as WPA. The authentication module controls the network interface so as to authenticate network connections to network nodes using the authentication settings. The controller also has a token interface 28 for receiving the connection of tokens through the USB slots 5. When a token is connected to the token interface, network node identification information including a MAC address and a WEP key is transferred into the controller and used to update the authentication settings. The authentication module acts as a firewall. The token interface, or some other part of the controller, detects the disconnection of a token and automatically updates the authentication settings so as to disable a network connection through the controller from the PC that has previously been configured by, and is now associated with, the token. In an alternative embodiment, the disconnection of a token does not automatically cause the token interface or controller to update the authentication settings so as to disable a network connection. Instead, when the token is removed from the token interface, the token interface or controller does not disable the network connection until after a timer expires or an administrator manually disables the connection. This allows a user to have a token configured by their IT department, briefly insert and remove their token at a Wi-fi hot spot, such as a cafe, and have temporary access to the network, without having to remember to collect their token. This has the advantage of only requiring the user to have one interaction with the controller, at the beginning of their network access session.
With reference to Figure 3, a token for network authentication is shown. The token 31 has a controller interface 32 for connecting to one of the controller's USB sockets 5 by connection of the token's USB plug to a socket. The controller interface updates the controller's authentication settings by transferring network node identification information to the controller. This information includes the MAC address of the network node to be authenticated and the WEP encryption key generated by the token. MAC information is stored in a storage that is flash memory 34. The storage also stores information about the identity of the controller, including its network address. The token also has a network node interface 35 that connects through the USB plug to a USB socket 8 on the PC. The node interface, on connection to the PC, configures the PC's settings for connection to the controller. This includes transferring the controller's network address to the PC and transferring a generated WEP encryption key to the PC. The node interface also extracts node identification information from the PC, in particular including the MAC address of the PC's network adapter. The token also includes an encryption module 36 for generating WEP encryption keys. The interfaces and modules of the token are implemented using a standard single chip microcontroller powered by the USB interface. The token also includes a button 37 for the user to start the operation of the token when it is plugged into the PC or the controller. An indicator LED 38 shows the user that the operation of the token is complete. A user authentication module 39 authenticates users. This can be achieved with a biometric sensor and stored biometric information or, for example, a password that can be accessed and configured using the PC with the token connected to it. Thus the use of the key can be restricted to certain authorised users.
In this embodiment, the token is a USB device which, when instructed to do so by pressing its start button, is able to configure the PC's network settings and to extract information about the PC's wireless adaptor. In particular, the token extracts and stores the MAC address in its memory and generates a unique WEP key for the configuration of the network settings within the PC. Once it has completed its task it turns on a green light to indicate that it is complete.
By inserting the token into the controller and pressing the start button the user is once again activating the token. This time the token and controller co-operate to update the firewall and network settings within the controller with the details about the PC that it was last activated in.
The process is repeated with separate tokens for each PC in the network. When a user is finished he has a token in the controller for each PC, which will remain there as long as the network setup for that PC is desired. In the alternative embodiment, the token may be removed and the network setup for the associated PC persists until a timer expires or some other condition occurs, such as a manual intervention by an administrator.
In this embodiment, should the user ever want to disable a PC's network connection, all the user has to do is to remove the appropriate token from the controller. This will trigger the firewall to be updated. During the setup each item (PC, network adaptor and token) has a colour coded sticker applied to it. This ensures that a particular PC can be simply identified and removed from the network with no complex administration software required.
Not only can an inexperienced user set up a network, they can also manage it. At home this is important where a parent may wish to restrict access in rooms at certain times, and it is equally important in the office where simple administration is a requirement. The token may be programmed to change access privileges using a software application running on a PC with a token connected to it.
The controller of this embodiment has five sockets to receive tokens, but this number can be extended significantly with an extension device carrying a further ten sockets connected via USB to the controller, with further extensions being added in a daisy chain.
With reference to Figure 4, a detailed flowchart of one example of the authentication method is shown. The user connects 41 a token to the PC and presses 42 the start button. The token extracts 43 the MAC address of the network adaptor from the PC and stores it in the token. The token generates 44 a WEP encryption key and stores it in the token's memory. The token then configures 45 the PC network settings for connection to the controller by providing the PC with the controller network address and the generated WEP encryption key. The token then activates 46 the LED to indicate that its operation is complete and the user disconnects 47 the token from the PC. The user carries the token to the controller and connects 48 the token by plugging it into a USB socket. The user again presses 49 the start button, which causes the token to update 50 the controller's authentication settings by transferring the MAC address from the PC and the generated encryption key from the token's memory into the controller. The token then activates 51 the LED to indicate that its operation is complete. With the token connected, the controller begins to authenticate 52 network connections using the authentication settings. In particular it allows network traffic and network connections between network nodes, other network nodes, and the internet for the particular network node configured by and associated with the token. This continues until the user disconnects 53 the token from the controller, which causes the controller to automatically update 54 its authentication settings so as to disable the authentication of the network node configured by and identified with the disconnected token. Thereafter the controller performs authentication 55 for network connections but does not allow connection or traffic to or from the network node configured by and associated with the disconnected token.
In the alternative embodiment, the controller begins to authenticate 52 network traffic, but continues after the disconnection 53 of the token until a further condition is met, for example the expiration of a timer, the manual intervention of an administrator, or the authenticated network node going out of range of the wireless network connection.
In a further embodiment, the authentication may cease irrespective of when the token is removed, for example after a timer expires.
In a further embodiment tokens are provided associated with network nodes that the user has no direct access to. For example, a special token can be pre-programmed with network node information relating to internet access, so that the controller will not activate its internet connection via the ADSL modem unless the particular token is plugged into the controller. In another embodiment a master token can be used to activate all network connections or to disable the operation of MAC authentication for all the network nodes.
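The Figure 4 sequence (steps 43 to 55) together with the timer and manual-intervention alternatives, modelled in Python as an added example that is not part of the patent or any product. The node names, MAC addresses and the controller address held on the token are constructed, and the token's key generation module is represented by a random 104-bit key.

```python
import secrets
import time
from dataclasses import dataclass
from typing import Callable, Dict, Optional


@dataclass
class NetworkNode:
    """A PC plus wireless adaptor; the token fills in the last two fields (step 45)."""
    name: str
    mac: str
    controller_address: Optional[str] = None
    wep_key: Optional[str] = None


@dataclass
class Token:
    """USB token: provisions one node (steps 43-45), then loads the controller (step 50)."""
    controller_address: str = "192.168.1.1"   # assumed address kept in the token's storage
    mac: Optional[str] = None
    wep_key: Optional[str] = None

    def provision_node(self, node: NetworkNode) -> None:
        self.mac = node.mac                    # step 43: extract and store the adaptor MAC
        self.wep_key = secrets.token_hex(13)   # step 44: 104-bit key as 26 hex digits
        node.controller_address = self.controller_address   # step 45: configure the PC
        node.wep_key = self.wep_key


class Controller:
    """Authentication module 26: settings keyed by MAC, updated by token presence."""

    def __init__(self, grace_seconds: Optional[float] = None,
                 clock: Callable[[], float] = time.monotonic) -> None:
        self.settings: Dict[str, str] = {}   # mac -> key (authentication settings 27)
        self.expiry: Dict[str, float] = {}   # mac -> deadline, alternative embodiment only
        self.grace, self.clock = grace_seconds, clock

    def connect_token(self, token: Token) -> None:          # step 50
        if token.mac is None or token.wep_key is None:
            raise ValueError("token has not provisioned a node")
        self.settings[token.mac] = token.wep_key
        self.expiry.pop(token.mac, None)                     # re-insertion cancels any timer

    def disconnect_token(self, token: Token) -> None:       # steps 53/54
        if token.mac is None:
            return
        if self.grace is None:
            self.settings.pop(token.mac, None)               # main embodiment: revoke at once
        else:
            self.expiry[token.mac] = self.clock() + self.grace   # alternative: start timer

    def admin_disable(self, mac: str) -> None:               # manual intervention
        self.settings.pop(mac, None)
        self.expiry.pop(mac, None)

    def authenticate(self, mac: str, wep_key: str) -> bool:  # steps 52/55
        deadline = self.expiry.get(mac)
        if deadline is not None and self.clock() >= deadline:
            self.admin_disable(mac)                          # timer expired: drop the node
        expected = self.settings.get(mac)
        return expected is not None and secrets.compare_digest(expected, wep_key)
```

The key is handled as an opaque credential matched in constant time, so the same logic covers the WPA keys the text names as an alternative to WEP.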
The present invention provides several advantages to end users. These include ease of installation, a no-jargon approach using an easy to understand metaphor, simple network administration capability, a secure network infrastructure, secure wireless communications and an easy to scale solution appropriate for home or office use. An advantage for the retailer and manufacturer is that limited support is required compared to solutions which involve user configuration via software interfaces.
Further modifications and improvements may be added without departing from the scope of the invention herein described.